Checks for __Secure and __Host Prefixes

[RupinMittal]

I see this (https://wicg.github.io/cookie-store/#prefixes) section of the spec that says:

"Where feasible the examples use the __Host- and __Secure- name prefixes which causes some current browsers to disallow overwriting from non-secure contexts, disallow overwriting with no Secure flag, and — in the case of __Host- — disallow overwriting with an explicit Domain or non-'/' Path attribute (effectively enforcing same-origin semantics"

There are a few layout tests that check some of this behavior but I'm not quite clear on why we need this? Could someone clarify? Thank you so much!

[RupinMittal]

CC @annevk

[johannhof]

Sorry, I'm not 100% clear on what needs to be clarified here and/or what you're suggesting to be removed :)

[annevk]

There are web-platform-tests that check that various __Host--prefixed conditions cause a promise rejection, but there are no corresponding algorithm steps in the specification.

[johannhof]

Yeah I guess it also says:

Prefix rules are also enforced in write operations by this API, but may not be enforced in the same browser for other APIs.

But it would be good to clarify (and specify) what that means exactly.

Maybe something for @DCtheTall to dig into on Chrome side?

cc @inexorabletash for any historical context